Technical Article

ClickJacking Your Way Into Office

I recently blogged about a new type of browser vulnerability called ClickJacking aimed at tricking you into clicking on something you weren't aware you were clicking on. The idea is that the bad guy hides a button by making it invisible and then "moves" it under you mouse right before you click thus causing you to either submit information, download something harmful, or start a process on your computer such as a webcam. Luckily there is a FireFox plugin to help protect you from those bad guys.

But what happens when the bad guys move away from the browser and into the polling booths? As far as I know this hasn't happened yet but according to a team from Rice University, ClickJacking your way into office is entirely possible.

The team of hackers from Rice University conducted a exercise to test the security of touch screen voting machines. They created an invisible touch-screen button that ensured that one contender would receive 90 percent of the vote.

As reported on MSNBC.com, Dan Wallach, an associate professor of computer science and director of Rice's Computer Security Lab, said his class's exercise reconfirmed his believe that anyone with a little know-how and the right access could easily do considerable damage. Despite the classroom setting, students said the vote tampering was eye-opening not only because of how straightforward it was to cause damage, but also because of how easy it was to get away with it — despite the scrutiny of other classmates primed to look for mischief.

At least my vote will be safe. That is, unless they find a way to ClickJack my absentee ballot.